Pulse Connect Secure Pulse Policy Secure ¢â‚¬› documentation ¢â‚¬› en_US ¢â‚¬› pulse... The Pulse Secure product

  • View
    6

  • Download
    0

Embed Size (px)

Text of Pulse Connect Secure Pulse Policy Secure ¢â‚¬› documentation...

  • © 2014 by Pulse Secure, LLC. All rights reserved 1

    Pulse Connect Secure Pulse Policy Secure

    Solutions Deployment Guide for Design and

    Configuration

    Product Release 8.1/5.1

    Document Revision 1.0 Published: 2014-12-15

  • Solutions Deployment Guide for Design and Configuration

    Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 http://www.pulsesecure.net

    © 2014 by Pulse Secure, LLC. All rights reserved

    Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks,

    registered trademarks, or registered service marks are the property of their respective owners.

    Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change,

    modify, transfer, or otherwise revise this publication without notice.

    Pulse Connect Secure / Pulse Policy Secure Solutions Deployment Guide for Design and Configuration

    The information in this document is current as of the date on the title page.

    END USER LICENSE AGREEMENT

    The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software.

    Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at

    http://www.pulsesecure.net/support/eula. By downloading, installing or using such software, you agree to the terms and conditions of that

    EULA.

    Revision History

    2014-12-15 – Initial Version

    http://www.pulsesecure.net/ http://www.pulsesecure.net/support/eula

  • Solutions Deployment Guide for Design and Configuration

    © 2014 by Pulse Secure, LLC. All rights reserved 3

    Table of Contents

    Introduction ---------------------------------------------------------------------------------------------------------------------------- 5

    Audience --------------------------------------------------------------------------------------------------------------------------------- 5

    Pulse Connect Secure ---------------------------------------------------------------------------------------------------------------- 5

    a) How to configure GSLB (Global Server Load balancing) in Stingray Traffic Manager for disaster recovery of Pulse Connect Secure Active/Passive clusters at multiple locations ----------------------------- 5

    Pulse Policy Secure ----------------------------------------------------------------------------------------------------------------- 16

    a) How to configure Pulse Policy Secure to communicate with Trapeze Wireless Controllers: ----- 16 b) How to deploy and configure multiple standalone Pulse Policy Secure devices behind F5 Load balancer in NAC environment: ------------------------------------------------------------------------------------------- 25

  • Solutions Deployment Guide for Design and Configuration

    © 2014 by Pulse Secure, LLC. All rights reserved 4

    List of Figures Figure 1 Notional Design ------------------------------------------------------------------------------------------------------------ 6 Figure 2 Clustering -------------------------------------------------------------------------------------------------------------------- 7 Figure 3 Cluster Mapping ----------------------------------------------------------------------------------------------------------- 8 Figure 4 GSLB Locations ------------------------------------------------------------------------------------------------------------- 8 Figure 5 GLB Services ---------------------------------------------------------------------------------------------------------------- 9 Figure 6 GLB Services > DNS GSLB ---------------------------------------------------------------------------------------------- 10 Figure 7 GLB Services > DNS GSLB > Connection Settings --------------------------------------------------------------- 11 Figure 8 Pool > DNS-loadbalance ----------------------------------------------------------------------------------------------- 12 Figure 9 virtual servers > dns-gslb --------------------------------------------------------------------------------------------- 13 Figure 10 DNS GSLB ---------------------------------------------------------------------------------------------------------------- 14 Figure 11 Radius Client ------------------------------------------------------------------------------------------------------------ 16 Figure 12 Alpha-WLAs ------------------------------------------------------------------------------------------------------------- 17 Figure 13 Radius Return Attribute --------------------------------------------------------------------------------------------- 17 Figure 14 Endpoints - VLAN ------------------------------------------------------------------------------------------------------ 18 Figure 15 Tasks Panel -------------------------------------------------------------------------------------------------------------- 20 Figure 16 802.1x Service Profile Wizard -------------------------------------------------------------------------------------- 21 Figure 17 Wireless Services - Configuration --------------------------------------------------------------------------------- 21 Figure 18 Wireless Service Profiles -------------------------------------------------------------------------------------------- 22 Figure 19 Service Profile Properties ------------------------------------------------------------------------------------------- 22 Figure 20 Radius Servers ---------------------------------------------------------------------------------------------------------- 23 Figure 21 Network Topology ---------------------------------------------------------------------------------------------------- 26 Figure 22 Load Balancer ----------------------------------------------------------------------------------------------------------- 27

  • Solutions Deployment Guide for Design and Configuration

    © 2014 by Pulse Secure, LLC. All rights reserved 5

    Introduction This document provides design and configuration information for successfully deploying Pulse

    Connect Secure/Policy Secure in various scenarios. This document provides detailed summary of

    different environmental (configuration, load, topology, and tools) conditions under which the

    overall solutions works.

    Audience The deployment guide is intended for customers, sales, partners, field, TAC and other users who

    install and configure the Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) solutions.

    Pulse Connect Secure a) How to configure GSLB (Global Server Load balancing) in

    Stingray Traffic Manager for disaster recovery of Pulse Connect Secure Active/Passive clusters at multiple locations

    Use case

    A large organization with multiple geographic locations have to provide disaster recovery of

    secure remote access to its employees, partners, and contractors.

    What is the proposed solution in case of a disaster/network disruption?

    The active/passive (A/P) cluster solution ensures that users will be able to access resources even

    if one of the devices fails. But, in case of a disaster or network disruption where both the nodes

    of active/ passive cluster fails at one location, users will not be able to access the resources. To

    overcome the downtime, the proposed solution deployment will help the users to access the

    resources by connecting to the devices deployed in other location.

    Disaster recovery is achieved through DNS-based Global Server Load Balancing (GSLB) where the

    requests to Pulse Connect Secure will be routed through Load balancer. The load balancer

    determines an action depending on the client network and also checks if the backend

    datacenter is up or down. If one of the sites is down, it automatically sends the request to the

    other site.

  • Solutions Deployment Guide for Design and Configuration

    © 2014 by Pulse Secure, LLC. All rights reserved 6

    Notional Design

    The figure shows the design that was proposed for the deployment. Two Pulse Connect Secure

    devices were deployed at two geographical locations and are connected to a DNS-based Global

    Server Load balancer configured in Stingray Traffic Manager.

    Sample scenario:

    1. Two Pulse Connect Secure SM-160s in A/P cluster at each location.

    2. Stingray Traffic Manager load balancer for DNS based GSLB.

    3. DNS server for the end point client network.

    4. Datacenters in the protected network.

    Figure 1 Notional Design

    What are the configurations required to deploy this solution?

    There are four components to be configured to ensure this solution works:

    1. Pulse Connect Secure configuration

    2. DNS server (end point side) configuration

  • Solutions Deployment Guide for Design and Configuration

    © 2014 by Pulse Secure, LLC. All rights reserved 7

    3. Load balancer configuration

    4. End client DNS server configuration

    1. Pulse Connect Secure Configuration

    In the Pulse Connect Secure A/P Cluster, navigate to Clustering -> Properties and configure the

    External VIP for A/P clusters (For example: 192.168.10.201 – for cluster 1 and 192.168.10.8 – for

    cluster 2)

    Figure